phpBB Arbitrary File Disclosure Vulnerability
Date: Wednesday, February 23 @ 14:23:38 CET Topic: Security
Security Alert: phpBB Group phpBB Arbitrary File Disclosure Vulnerability! The remote exploitation of an input validation vulnerability in the phpBB
Group's phpBB2 bulletin board system allows attackers to read the
contents of arbitrary system files under the privileges of the web
server.
Exploitation of this vulnerability allows remote attackers to view arbitrary system files under the privileges of the underlying web server. An attacker must have, or be able to create an account on the
target system. Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system
information that would otherwise be inaccessible to the attacker.
More information:
idefense
phpbb.com
mitre.org
|
|